def testParseVista(self): """Tests the Parse function on a Windows Vista RecycleBin file.""" parser = recycler.WinRecycleBinParser() storage_writer = self._ParseFile(['$II3DF3L.zip'], parser) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 1) events = list(storage_writer.GetEvents()) event = events[0] self.CheckTimestamp(event.timestamp, '2012-03-12 20:49:58.633000') expected_filename = ( 'C:\\Users\\nfury\\Documents\\Alloy Research\\StarFury.zip') self.assertEqual(event.original_filename, expected_filename) self.assertEqual(event.file_size, 724919) expected_message = '{0:s} (from drive: UNKNOWN)'.format( expected_filename) expected_short_message = 'Deleted file: {0:s}'.format( expected_filename) self._TestGetMessageStrings(event, expected_message, expected_short_message)
def testParse(self): """Tests the Parse function.""" parser_object = recycler.WinRecycleBinParser() test_file = self._GetTestFilePath([u'$II3DF3L.zip']) event_queue_consumer = self._ParseFile(parser_object, test_file) event_objects = self._GetEventObjectsFromQueue(event_queue_consumer) self.assertEqual(len(event_objects), 1) event_object = event_objects[0] self.assertEqual( event_object.orig_filename, (u'C:\\Users\\nfury\\Documents\\Alloy Research\\StarFury.zip')) expected_timestamp = timelib.Timestamp.CopyFromString( u'2012-03-12 20:49:58.633') self.assertEqual(event_object.timestamp, expected_timestamp) self.assertEqual(event_object.file_size, 724919) expected_msg = ( u'C:\\Users\\nfury\\Documents\\Alloy Research\\StarFury.zip ' u'(from drive: UNKNOWN)') expected_msg_short = ( u'Deleted file: C:\\Users\\nfury\\Documents\\Alloy Research\\' u'StarFury.zip') self._TestGetMessageStrings(event_object, expected_msg, expected_msg_short)
def testParseVista(self): """Tests the Parse function on a Windows Vista RecycleBin file.""" parser = recycler.WinRecycleBinParser() storage_writer = self._ParseFile(['$II3DF3L.zip'], parser) number_of_events = storage_writer.GetNumberOfAttributeContainers( 'event') self.assertEqual(number_of_events, 1) number_of_warnings = storage_writer.GetNumberOfAttributeContainers( 'extraction_warning') self.assertEqual(number_of_warnings, 0) number_of_warnings = storage_writer.GetNumberOfAttributeContainers( 'recovery_warning') self.assertEqual(number_of_warnings, 0) events = list(storage_writer.GetEvents()) expected_event_values = { 'date_time': '2012-03-12 20:49:58.6330000', 'data_type': 'windows:metadata:deleted_item', 'file_size': 724919, 'original_filename': ('C:\\Users\\nfury\\Documents\\Alloy Research\\StarFury.zip') } self.CheckEventValues(storage_writer, events[0], expected_event_values)
def testParseWindows10(self): """Tests the Parse function on a Windows 10 RecycleBin file.""" parser = recycler.WinRecycleBinParser() storage_writer = self._ParseFile(['$I103S5F.jpg'], parser) number_of_events = storage_writer.GetNumberOfAttributeContainers( 'event') self.assertEqual(number_of_events, 1) number_of_warnings = storage_writer.GetNumberOfAttributeContainers( 'extraction_warning') self.assertEqual(number_of_warnings, 0) number_of_warnings = storage_writer.GetNumberOfAttributeContainers( 'recovery_warning') self.assertEqual(number_of_warnings, 0) events = list(storage_writer.GetEvents()) expected_event_values = { 'date_time': '2016-06-29 21:37:45.6180000', 'data_type': 'windows:metadata:deleted_item', 'file_size': 222255, 'original_filename': ('C:\\Users\\random\\Downloads\\bunnies.jpg') } self.CheckEventValues(storage_writer, events[0], expected_event_values)
def testParseWindows10(self): """Tests the Parse function on a Windows 10 RecycleBin file.""" parser = recycler.WinRecycleBinParser() storage_writer = self._ParseFile(['$I103S5F.jpg'], parser) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 1) events = list(storage_writer.GetEvents()) event = events[0] self.CheckTimestamp(event.timestamp, '2016-06-29 21:37:45.618000') event_data = self._GetEventDataOfEvent(storage_writer, event) expected_filename = ('C:\\Users\\random\\Downloads\\bunnies.jpg') self.assertEqual(event_data.original_filename, expected_filename) self.assertEqual(event_data.file_size, 222255) expected_message = '{0:s} (from drive: UNKNOWN)'.format( expected_filename) expected_short_message = 'Deleted file: {0:s}'.format( expected_filename) self._TestGetMessageStrings(event_data, expected_message, expected_short_message)
def testParseWindows10(self): """Tests the Parse function on a Windows 10 RecycleBin file.""" parser = recycler.WinRecycleBinParser() storage_writer = self._ParseFile(['$I103S5F.jpg'], parser) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 1) events = list(storage_writer.GetEvents()) expected_filename = ('C:\\Users\\random\\Downloads\\bunnies.jpg') expected_event_values = { 'file_size': 222255, 'original_filename': expected_filename, 'timestamp': '2016-06-29 21:37:45.618000' } self.CheckEventValues(storage_writer, events[0], expected_event_values) expected_message = expected_filename expected_short_message = 'Deleted file: {0:s}'.format( expected_filename) event_data = self._GetEventDataOfEvent(storage_writer, events[0]) self._TestGetMessageStrings(event_data, expected_message, expected_short_message)
def testParseVista(self): """Tests the Parse function on a Windows Vista RecycleBin file.""" parser = recycler.WinRecycleBinParser() storage_writer = self._ParseFile(['$II3DF3L.zip'], parser) self.assertEqual(storage_writer.number_of_warnings, 0) self.assertEqual(storage_writer.number_of_events, 1) events = list(storage_writer.GetEvents()) expected_filename = ( 'C:\\Users\\nfury\\Documents\\Alloy Research\\StarFury.zip') expected_event_values = { 'file_size': 724919, 'original_filename': expected_filename, 'timestamp': '2012-03-12 20:49:58.633000' } self.CheckEventValues(storage_writer, events[0], expected_event_values) expected_message = expected_filename expected_short_message = 'Deleted file: {0:s}'.format( expected_filename) event_data = self._GetEventDataOfEvent(storage_writer, events[0]) self._TestGetMessageStrings(event_data, expected_message, expected_short_message)
def setUp(self): """Sets up the needed objects used throughout the test.""" self._parser = recycler.WinRecycleBinParser()
def setUp(self): """Makes preparations before running an individual test.""" self._parser = recycler.WinRecycleBinParser()